1

I have a website developed by using ASP.NET and DB is MYSQL. In there user authentication is done against registered users inside a table.

So What is this ASP.NET identity? Membership? things. When to use them? Are they secured approaches? Are they differ from what I am currently doing?

Thank you very much.

Prageeth Liyanage
  • 1,612
  • 2
  • 19
  • 41

2 Answers2

0

Aspnet.Identity is way to authenticate users. It makes life simple for you, creating code for cookie generation, maintaining database relationship, password recovery, password encryption, email intergration, extends authentication to link with Twitter, Facebook, Google, etc. It is a lot more that "user authentication against registered users inside a table."

You can find more information on Identity here: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

Microsoft has been continuously improving Identity making it more secure. However, there are always ways and one cannot help if the developer commits mistake.

However, given all the updates- Identity code has changed so much so that solutions which were valid 1 year back are no longer valid. One needs to dig deep to make simple changes for customization.

Here is how you can integrate Identity with a custom storage provider like MySQL: http://www.asp.net/identity/overview/getting-started/aspnet-identity-using-mysql-storage-with-an-entityframework-mysql-provider

Please note that primary key by default is GUID and currently there is no easy way to change the primary for MySQL integration to INT. You will find more details here: https://forums.asp.net/t/2062668.aspx?How+to+change+primary+key+for+Identity+with+MySQL+as+storage+provider

Moreover, there are many issues with MySQL and LINQ integration. Lazy loading issues, etc. This would be very evident even with a minor customization of Identity code. If you want to include Identity for user authentication I strongly suggest shifting to MS SQL instead of MySQL

Shyamal Parikh
  • 2,988
  • 4
  • 37
  • 78
0

ASP.NET membership: gives you a built-in way to validate and store user credentials. ASP.NET membership therefore helps you manage user authentication in your Web sites. You can use ASP.NET membership with ASP.NET forms authentication by using with the ASP.NET login controls to create a complete system for authenticating users.

ASP.NET membership supports facilities for:

  • Creating new users and passwords.
  • Storing membership information (user names, passwords, and supporting data) in Microsoft SQL Server, Active Directory, or an alternative data store.
  • Authenticating users who visit your site. You can authenticate users programmatically, or you can use the ASP.NET login controls to create a complete authentication system that requires little or no code.
  • Managing passwords, which includes creating, changing, and resetting them . - Depending on membership options you choose, the membership system can also provide an automated password-reset system that takes a user-supplied question and response.
  • Exposing a unique identification for authenticated users that you can use in your own applications and that also integrates with the ASP.NET personalization and role-management (authorization) systems.
  • Specifying a custom membership provider, which allows you to substitute your own code to manage membership and maintain membership data in a custom data store

When to use them

You can use ASP.NET membership when you want to create a login/sign up forms authentication with the ASP.NET login controls or custom login form design.

Here is a complete guilde on how to use ASP.NET Membership https://msdn.microsoft.com/en-us/library/ms731049(v=vs.110).aspx

king zecole
  • 59
  • 2